Chatta subito con l'assistenza

Ottieni assistenza in tempo reale
Completa la registrazione

Accedi

Richiedi prezzo

Contatta il supporto vendite

Change Auditor Threat Detection 7.1.1 - Deployment Guide

Table of Contents

Deploying Threat Detection

Introduction to Change Auditor Threat Detection

Who should have input on the deployment plan? Components and workflow

Requirements and prerequisites Events to configure Port Requirements Maintaining the Change Auditor database size Deploying a Threat Detection server on ESX Deploying a Threat Detection server on Hyper-V

Hyper-V resource control settings

Upgrading the Threat Detection server

Upgrade from Change Auditor version 7.0.2

Update-CAThreatDetectionServer

Upgrade from Change Auditor version 7.0 and 7.0.1

Upload the update package to the Threat Detection server Upgrade the Threat Detection server Join the Threat Detection server to the coordinator's domain Configure the service account

Creating a Threat Detection configuration Reviewing configuration status

Configured server deployment details

Removing a configuration Historical events and your baseline calculations

Threat Detection configuration commands

Adding the PowerShell module Viewing available commands and help Threat Detection sample scripts Connecting to Change Auditor

Connect-CAClient

Managing a Threat Detection configuration

New-CAThreatDetectionConfiguration Get-CAThreatDetectionConfiguration Set-CAThreatDetectionConfiguration Remove-CAThreatDetectionConfiguration

Appendix: System Architecture

Threat Detection system overview

Deploying Threat Detection

•

Introduction to Change Auditor Threat Detection

•

Who should have input on the deployment plan?

•

Components and workflow

•

Requirements and prerequisites

•

Events to configure

•

Port Requirements

•

Deploying a Threat Detection server on ESX

•

Deploying a Threat Detection server on Hyper-V

•

Upgrading the Threat Detection server

•

Creating a Threat Detection configuration

•

Reviewing configuration status

•

Removing a configuration

•

Maintaining the Change Auditor database size

•

Historical events and your baseline calculations

Introduction to Change Auditor Threat Detection

To protect your data and your business, Change Auditor Threat Detection uses advanced machine learning, user and entity behavioral analytics (UEBA), and SMART correlation technology to spot anomalous activity and identify the highest risk users in your environment. The users with the highest risk scores are then highlighted in the Threat Detection dashboard, enabling you to prioritize your response and adjust policies to strengthen your organization’s security and regulatory enforcement.

For details about using the Threat Detection dashboard see the Change Auditor Threat Detection User Guide.

This guide gives information about how Change Auditor integrates with the Threat Detection server to process event data. It is intended for administrators who are responsible for the implementation, deployment, and monitoring of the Change Auditor Threat Detection deployment and configuration.

Who should have input on the deployment plan?

A complete deployment plan requires the combined effort of the resources within your organization who are responsible for information security, such as:

•

Chief Information Security Officers who understand the complexities of the enterprise’s IT infrastructure and are responsible for the overall handling of key vulnerabilities. Change Auditor provides data to help them deliver security updates and communications.

•

Security architects who are responsible for building and overseeing the implementation of the network’s security measures. They need to define the threat priorities for their environment.

•

Database and network administrators who are responsible for the implementation, deployment, and monitoring of the Change Auditor Threat Detection configuration.

•

Auditors and network administrators who are responsible for reviewing the potential threats, optimizing the system by inputting feedback, and prioritizing and investigate the most serious threats.

Components and workflow

Change Auditor sends events in real time to the Threat Detection server to be used for analysis based on calculated user behavior baselines.

See the Change Auditor Threat Detection User Guide for details on Threat Detection concepts and terms.

To enable Threat Detection:

1

Apply the required licenses. (Change Auditor Threat Detection and any required Change Auditor auditing modules.) If you are using more than one coordinator, apply the license to all of them. To verify that a license is applied, right-click the coordinator icon in the system tray and select Licensing.

2

Configure required events for Threat Detection. See Events to configure.

3

Deploy the Threat Detection server on a virtual computer. See Deploying a Threat Detection server on ESX and Deploying a Threat Detection server on Hyper-V.

4

Configure Change Auditor to send collected event data to the Threat Detection server. See Creating a Threat Detection configuration.

5

Login to the Threat Detection dashboard to see the alerts and data. See the Threat Detection User Guide for information about navigating the dashboard and using the data to secure your environment.

Strumenti self-service: Knowledge Base; Notifiche e avvisi; Supporto prodotti; Download di software; Documentazione tecnica; Forum utente; Esercitazioni video; Feed RSS

Contatti: Richiedi assistenza sulle licenze; Supporto tecnico; Visualizza tutto

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione

© ALL RIGHTS RESERVED. Feedback Termini di utilizzo Privacy Cookie Preference Center